WikiLeaks: CIA Secret Exploits Target Car Hacking, Wise TVs – Infosecurity Magazine
WikiLeaks: CIA Secret Exploits Target Car Hacking, Clever TVs
WikiLeaks has released thousands of documents that it claims showcase how the Central Intelligence Agency can break into smartphones, computers and other connected devices, including wise TVs.
The trove, which WikiLeaks is dubbing «Vault 7,» purports to be a massive archive of CIA material consisting of several hundred million lines of computer code that has been «circulated among former US government hackers and contractors in an unauthorized manner, one of whom has provided WikiLeaks with portions of the archive.»
«This demonstrates conflicting challenges faced by the security developer community,» said Vikram Kapoor, co-founder and CTO at Lacework, a Mountain View, Calif. based provider of cloud security solutions, via email. «On one forearm, this has scary implications for individual privacy rights and shows how extensively some of the systems can be hacked. On the other forearm, it demonstrates how hard it is to manage security for insider risk and cloud workloads today for organizations.»
Most centrally, the documents display ways that the agency allegedly can hack mobile phones and can bypass the encryption used by messaging services like Signal, WhatsApp and Telegram. After penetrating Android phones, the CIA can collect «audio and message traffic before encryption is applied,» WikiLeaks said.
He purported intelligence documents also include detailed information on CIA-developed malware–dubbed things like Assassin and Medusa. And, the documents point to an entire alleged unit in the CIA is dedicated to hacking Apple products. Further, WikiLeaks alleges that the CIA is proven here to have deliberately failed to disclose security vulnerabilities and bugs to major US software manufacturers, choosing instead to leverage them for their own completes.
On a darker front, the documents claim that the CIA maintains remote hacking programs to turn various connected devices, including clever TVs, into recording and transmitting stations, with the feeds sent back to secret CIA servers.
Other capabilities «would permit the CIA to engage in almost undetectable assassinations,» WikiLeaks said. One document lays out deeds that the CIA allegedly took to infiltrate and take over vehicle control systems in cars and trucks.
«Many of the vulnerabilities cited in this contraption set are well-known,» said Andrew McDonnell, president at AsTech, a San Francisco-based security consulting company, via email. «Clever TVs, old Android phones (such as the President’s), unpatched routers, and a host of other devices have known vulnerabilities that are not special to the CIA. These implementations may have been special, but that doesn’t mean only the CIA had exploits. If genuine, there are likely some proprietary vulnerabilities or zero-days in there. Ultimately, secret backdoors in software–whether intentional or based on an exploit–make everyone less safe: there’s no way to control who uses them.»
The source of the documents was not named, no news organization has verified the documents` authenticity, and the CIA has said that it will not comment. However, a former intelligence officer told the Fresh York Times that some of the code names for CIA programs, an organization chart and the description of a CIA hacking base appeared to be genuine.
Edward Snowden meantime has weighed in via Twitter, telling that he too believes the information to be real.
«Program & office names, such as the JQJ (IOC) crypt series, are real. Only a cleared insider could know them,» he tweeted.
The initial release, which WikiLeaks said was only the very first part of the document collection, includes 7,818 web pages with nine hundred forty three attachments. The documents, from the CIA`s Center for Cyber Intelligence, are dated from two thousand thirteen to 2016, and the sum total of the cache is the «entire hacking capacity» for the CIA.
WikiLeaks said it was not releasing any cyberweapon code itself «until a consensus emerges on the technical and political nature of the CIA`s program and how such ‘weapons` should be analyzed, disarmed and published.»
Fred Wilmot, CEO at Packetsled, told us that the ethics of the situation don`t stand the CIA in good stead, should the documents prove to be legitimate.
“There is nothing to debate about the security, creation and proliferation of cyberweapons,» he said via email. «However, there is slew to debate about privacy, audit and transparency for Americans when it comes to their homes, their private data and their required level of cognition necessary to protect themselves from any cyberweapons in today’s connected world.»
WikiLeaks: CIA Secret Exploits Target Car Hacking, Wise TVs – Infosecurity Magazine
WikiLeaks: CIA Secret Exploits Target Car Hacking, Brainy TVs
WikiLeaks has released thousands of documents that it claims demonstrate how the Central Intelligence Agency can break into smartphones, computers and other connected devices, including brainy TVs.
The trove, which WikiLeaks is dubbing «Vault 7,» purports to be a massive archive of CIA material consisting of several hundred million lines of computer code that has been «circulated among former US government hackers and contractors in an unauthorized manner, one of whom has provided WikiLeaks with portions of the archive.»
«This demonstrates conflicting challenges faced by the security developer community,» said Vikram Kapoor, co-founder and CTO at Lacework, a Mountain View, Calif. based provider of cloud security solutions, via email. «On one forearm, this has scary implications for individual privacy rights and shows how extensively some of the systems can be hacked. On the other mitt, it demonstrates how hard it is to manage security for insider risk and cloud workloads today for organizations.»
Most centrally, the documents showcase ways that the agency allegedly can hack mobile phones and can bypass the encryption used by messaging services like Signal, WhatsApp and Telegram. After penetrating Android phones, the CIA can collect «audio and message traffic before encryption is applied,» WikiLeaks said.
He purported intelligence documents also include detailed information on CIA-developed malware–dubbed things like Assassin and Medusa. And, the documents point to an entire alleged unit in the CIA is faithful to hacking Apple products. Further, WikiLeaks alleges that the CIA is proven here to have deliberately failed to disclose security vulnerabilities and bugs to major US software manufacturers, choosing instead to leverage them for their own finishes.
On a darker front, the documents claim that the CIA maintains remote hacking programs to turn various connected devices, including wise TVs, into recording and transmitting stations, with the feeds sent back to secret CIA servers.
Other capabilities «would permit the CIA to engage in almost undetectable assassinations,» WikiLeaks said. One document lays out deeds that the CIA allegedly took to infiltrate and take over vehicle control systems in cars and trucks.
«Many of the vulnerabilities cited in this contraption set are well-known,» said Andrew McDonnell, president at AsTech, a San Francisco-based security consulting company, via email. «Clever TVs, old Android phones (such as the President’s), unpatched routers, and a host of other devices have known vulnerabilities that are not off the hook to the CIA. These implementations may have been off the hook, but that doesn’t mean only the CIA had exploits. If genuine, there are likely some proprietary vulnerabilities or zero-days in there. Ultimately, secret backdoors in software–whether intentional or based on an exploit–make everyone less safe: there’s no way to control who uses them.»
The source of the documents was not named, no news organization has verified the documents` authenticity, and the CIA has said that it will not comment. However, a former intelligence officer told the Fresh York Times that some of the code names for CIA programs, an organization chart and the description of a CIA hacking base appeared to be genuine.
Edward Snowden meantime has weighed in via Twitter, telling that he too believes the information to be real.
«Program & office names, such as the JQJ (IOC) crypt series, are real. Only a cleared insider could know them,» he tweeted.
The initial release, which WikiLeaks said was only the very first part of the document collection, includes 7,818 web pages with nine hundred forty three attachments. The documents, from the CIA`s Center for Cyber Intelligence, are dated from two thousand thirteen to 2016, and the sum total of the cache is the «entire hacking capacity» for the CIA.
WikiLeaks said it was not releasing any cyberweapon code itself «until a consensus emerges on the technical and political nature of the CIA`s program and how such ‘weapons` should be analyzed, disarmed and published.»
Fred Wilmot, CEO at Packetsled, told us that the ethics of the situation don`t stand the CIA in good stead, should the documents prove to be legitimate.
“There is nothing to debate about the security, creation and proliferation of cyberweapons,» he said via email. «However, there is slew to debate about privacy, audit and transparency for Americans when it comes to their homes, their individual data and their required level of cognition necessary to protect themselves from any cyberweapons in today’s connected world.»
Leave a Reply